Add entries for each router, switch, and PIX firewall you'd like to back up, using the following format.

Code:

add password IPADDRESS {telnetpassword} {enablepassword}

IPADDRESS = the actual IP address of the device you want to back up.
telnetpassword = the actual telnet password for the device you want to back up.
enablepassword = the actual enable password for the device you want to back up.

The "{}" are required. At the bottom of the .cloginrc, add the following line if you require SSH access to your equipment.

Now, using one of the network devices that you've put in the .cloginrc for rancid, type the following in the open terminal.

Code:

/usr/lib/rancid/bin/clogin IPADDRESSOFDEVICE

You should see clogin telnet (or ssh) to the device in question and switch to enable mode on the device. If everything works, then proceed on to step 8. Otherwise take a look at your /var/lib/rancid/.cloginrc.

Step 9: Test grabbing a backup config from the same device.
--------------------------------------------------------------------

As rancid, run the following test to make sure that you have everything set up correctly.

Step 10: Create the bash script for the backups
--------------------------------------------------------------------

Here's a sample script for you to copy and paste into a file (i.e. network_device_backup.sh) and to tweak, add to, or change for your needs. But save the script somewhere the rancid user can access and execute it from (i.e. /var/lib/rancid/). If you are planning on backing up various types of routers, switches, firewalls, etc., you may want to create several different scripts.

Now from wherever you put the backup script verify that it works before adding it as a cron job. For this example I'm going to use the following location /var/lib/rancid/.scripts/routers.sh with the output path being /var/lib/rancid/backups/.

Code:

/var/lib/rancid/.scripts/routers.sh

Verify the config file that was generated in the output path you specified.

Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

Add entries for each router, switch, and PIX firewall you'd like to back up, using the following format.

Code:

add password IPADDRESS {telnetpassword} {enablepassword}

IPADDRESS = the actual IP address of the device you want to back up.
telnetpassword = the actual telnet password for the device you want to back up.
enablepassword = the actual enable password for the device you want to back up.

The "{}" are required. At the bottom of the .cloginrc, add the following line if you require SSH access to your equipment.

Code:

add method * telnet ssh

With this, clogin will first try to telnet, then ssh, to your equipment.

Very nice and useful howto! Just what I've been looking for!
But what if my routers use local authentication with username/password and not only password?
How exactly would the /var/lib/rancid/.cloginrc file look in this case?
TIA
Ziv

Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

Hi Ziv,

The .cloginrc format is:

Code:

add password <router name glob> <vty passwd> <enable passwd>
add user <router name glob> <username>
    The default user is $USER (i.e.: the user running clogin).
add userprompt <router name glob> <username prompt>
    What the router prints to prompt for the username.
    Default: {"(Username|login|user name):"}
add userpassword <router name glob> <user password>
    The password for user if different than the password set
    using 'add password'.
add passprompt <router name glob> <password prompt>
    What the router prints to prompt for the password.
    Default: {"(\[Pp]assword|passwd):"}
add method <router name glob> {ssh} [...]
    Defines, in order, which connection method(s) to use for a device
    from the set {ssh,telnet,rsh}. e.g.: add method * {ssh} {telnet} {rsh}
    will attempt ssh connection first. if ssh fails with connection
    refused (i.e.: not due to authentication failure), then try telnet,
    then rsh.
    Default: {telnet} {ssh}
add noenable <router name glob>
    equivalent of -noenable on the cmd line to not enable at login.
add enableprompt <router name glob> <enable prompt>
    What the router prints to prompt for the enable password.
    Default: {"\[Pp]assword:"}
add enauser <router name glob> <username>
    This is only needed if enable asks for a username and this
    username is different from what user is set to.
add autoenable <router name glob> <1/0>
    This is used if you are automatically enabled by the login process.
add cyphertype <router name glob> <ssh encryption type>
    Default is 3des.
add identity <router name glob> <path to ssh identity file>
    Default is your default ssh identity.

Re: HOW TO: Automating Cisco Router, Switch, and Firewall backups

Another little question: let's say I set the default user "rancid" on every router with priv 15.
Is there a way I can set a global variable of the user to be used on every device? Or do I still need to add an entry for every single device even if the same user/pass is set on all of them?

Error Message

Thanks for the information.
I have a problem with the configuration. I did everything as mentioned, but when I am ready to execute "/usr/lib/rancid/bin/clogin IPADDRESSDEVICE" it gives the error "/home/rancid/.cloginrc must not be world readable/writable", so I have no idea how to solve this problem. Does somebody have an idea?
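
Added example, not part of any post in this thread: a shell sketch that writes a .cloginrc using the username directives and router-name globs from the format listing above (one shared account for all devices), then checks and corrects the file mode behind the "must not be world readable/writable" error. The address, user names and passwords are constructed placeholders, the function names are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example; every address, user name and password below is a constructed placeholder.

# Write a sample .cloginrc for devices that prompt for username and password.
write_sample_cloginrc() {
    (
        umask 077   # create the file without group/world access
        cat > "$1" <<'EOF'
# Device-specific entries first: clogin uses the first matching entry.
add user       192.0.2.10 netadmin
add password   192.0.2.10 {EXAMPLE_VTY_PW} {EXAMPLE_ENABLE_PW}
# Glob entries: one shared account for every other device.
add user       * rancid
add password   * {EXAMPLE_VTY_PW} {EXAMPLE_ENABLE_PW}
# Assumes the shared account is placed in enable mode at login (priv 15).
add autoenable * 1
add method     * {ssh}
EOF
    )
}

# Return 0 when "other" has no permission bits on the file, 1 when it does.
cloginrc_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, e.g. "600" or "644"
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Restrict the file to its owner, then re-check it.
secure_cloginrc() {
    chmod 600 "$1" && cloginrc_mode_ok "$1"
}

# Demonstration on a throwaway file.
demo_dir=$(mktemp -d)
write_sample_cloginrc "$demo_dir/.cloginrc"
chmod 644 "$demo_dir/.cloginrc"            # reproduce the world-readable state
cloginrc_mode_ok "$demo_dir/.cloginrc" || echo "world-accessible: clogin would refuse this file"
secure_cloginrc "$demo_dir/.cloginrc" && echo "mode now $(stat -c '%a' "$demo_dir/.cloginrc")"
rm -rf "$demo_dir"
```

For the file named in the error message, the equivalent call is `secure_cloginrc /home/rancid/.cloginrc`, run as the user that owns the file.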